Defensive Security Tools

Bro – https://www.bro.org/ – If you are looking to gain more insight into what is happening on your network, Bro is a powerful tool.

Graylog – https://www.graylog.org/ – Graylog is an open-source log server that provides rich searching and alerting capabilities. Being able to review all of your logs in one place and send alerts when problems come up can save a great deal of time.

OpenVAS – http://www.openvas.org/ – Not the fastest or most user-friendly vulnerability scanner, but one of the few open-source options available. For defenders on a budget, OpenVAS is a great way to find and then resolve the low-hanging fruit.

OSSIM Open-Source SIEM – https://www.alienvault.com/products/ossim – There are not a lot of open-source Security Information and Event Management (SIEM) platforms available. OSSIM provides management and alerting for logs and security events, but it also packs in a ton of other features such as vulnerability scanning. If you need a SIEM but have no cash, OSSIM is a great option.

Privacy Tools – https://www.privacytools.io/ – Privacy Tools provides all the information you need to help you be more paranoid when it comes to privacy. They have recommended Virtual Private Network (VPN) service providers, privacy-protecting Internet search engines, etc.

Security Onion – https://securityonion.net/ – A Linux operating system that bundles a variety of open-source tools to help get more visibility into a network from a security perspective.

SHIPS – https://www.trustedsec.com/ships/ – TrustedSec's SHIPS is an open-source solution that provides unique local account passwords in Linux and Windows. NIST’s 800-118 document on password management recommends unique local administrative passwords on each computer. Stop using the same local admin password across all hosts and put something like SHIPS into play.